Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

cpu @ 100%

Started by wossie , Nov 03 2005 01:57 PM

  • Please log in to reply

#1
wossie
Posted 03 November 2005 - 01:57 PM

wossie

    Member

  • Member
  • PipPip
  • 27 posts
Logfile of HijackThis v1.99.1
Scan saved at 19:46:26, on 03/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\gsicon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\wayne\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://uk.docs.yahoo.com/info/ie6.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://uk.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.yahoo.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

http://uk.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

Microsoft Internet Explorer provided by Yahoo! UK and Ireland
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no

file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no

file)
O2 - BHO: EpsonToolBandKicker Class -

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON

Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page -

{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON

Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan

Remover\Trjscan.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe"
O4 - Startup: RegFreeze.lnk = C:\Program Files\RegFreeze\regfreeze.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Packard Bell -

{1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm

(file missing)
O9 - Extra button: Spyware Doctor -

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -

C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

(no file)
O9 - Extra button: Search and Remove Spyware -

{CDB280E8-BE43-4128-8A5A-3FCD094E2D88} - C:\Program

Files\RegFreeze\rfsearchhandler.dll
O9 - Extra 'Tools' menuitem: Search and Remove Spyware -

{CDB280E8-BE43-4128-8A5A-3FCD094E2D88} - C:\Program

Files\RegFreeze\rfsearchhandler.dll
O9 - Extra button: Yahoo! Messenger -

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -

C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -

C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://uk.yahoo.com
O16 - DPF: Yahoo! Checkers -

http://download.game...nts/y/kt4_x.cab
O16 - DPF: Yahoo! Literati -

http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 -

http://download.game...ts/y/pote_x.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) -

http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) -

http://www.midasplayer.com/midasa.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} -

http://www.errornuke...efault/ErrorNuk

erInstaller.exe
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) -

http://www.sis.com/o...utodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

Advantage Validation Tool) -

http://go.microsoft....k/?linkid=39204
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight

Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)

- http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl

Class) -

http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)

-

http://update.micros...en/x86/client/w

uweb_site.cab?1120387613778
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX

6.5) -

http://eu-housecall....et/html/native/

x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai...trendmicro.com/

housecall/xscan53.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -

http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -

http://us.dl1.yimg.c...ite/autocomplet

e.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71}

(InfosFinder2.InfosFinder) -

http://support.packa...nfosFinder2.CAB
O17 -

HKLM\System\CCS\Services\Tcpip\..\{BF0F8FB3-C6CC-4D02-BA25-B4391CCEC665

}: NameServer = 212.74.114.129 212.74.114.193
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program

Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International,

Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks -

C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program

Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVSvc - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH -

C:\WINDOWS\System32\oodag.exe
O23 - Service: SmartLinkService (SLService) - -

C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) -

TuneUp Software GmbH - C:\Program Files\TuneUp Utilities

2006\WinStylerThemeSvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS)

- H+H Software GmbH - C:\Program Files\Virtual CD v4

SDK\system\vcssecs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP